StrelaStealer is a type of malicious software categorized as an infostealer. Its main objective is to infiltrate computer systems and illicitly acquire sensitive user data, particularly email login credentials. It was first identified in November 2022. When it first arrived on scene, it targeted Spanish-speaking victims using ISO files to distribute the malware. It has since evolved.
Current campaigns are using spear phishing emails that contain ZIP file attachments. Once the file is downloaded, a Jscript file infects the victim’s system and runs a portable executable DLL file, that deploys the payload. StrelaStealer targets victim’s email credentials. It exfiltrates login data from the email account and sends it back to the attacker’s command and control (C2) server.
Over one hundred organizations across the EU and US have been affected by StrelaStealer in an organized malware attack. It has been observed that StrelaStealer now features better obfuscation techniques to evade detection. Making it a significant threat to email security.
Organizations need to remain vigilant to protect their sensitive information. Here are a few ways to ensure this happens:
- Use a private and secure email service
- Use a strong password and password manager. Implement strong password policies.
- Use email security solutions
- Regularly update and patch email systems
- Enable multi-factor authentication
- Use an encryption add-on
- Implement data loss prevention (DLP) strategies to monitor and control the flow of sensitive information outside the organization.
- Educate users on a regular basis
These steps can help protect an organization from various email threats and ensure the integrity and confidentiality of email communications. Following these best practices can help protect against StrelaStealer and other malware actors. To ensure you are best protected from outside threats, rely on a technology solutions provider such as 2W Tech, to help evaluate your security posture and ensure your organization is in the best position to defend against outside threats.
Read More: